CLAIMS:

1. (Previously Presented) A method, in a data processing system, for handling 
personally identifiable information, said method comprising: 

providing, in a computer, a first set of object classes representing active entities in 
an information-handling process, wherein a limited number of privacy-related actions 
represent operations performed on data and wherein each of the active entities is a human 
being or legal entity; 

providing, in said computer, a second set of object classes representing data and 
rules in said information-handling process, wherein at least one object class has said rules 
associated with said data, and wherein said data represents said personally identifiable 
information; and 

processing transactions, in the data processing system, involving said personally 
identifiable information, using said computer and said first and second set of object 
classes, so as to enforce a privacy policy, associated with the personally identifiable 
information and defined by said rules, against one or more active entities represented by 
said first set of object classes, wherein each of the one or more active entities represented 
by said first set of object classes is a human being or legal entity, wherein: 

a first active entity represented by a first object class in said first set of object 
classes is a first data user that requests said personally identifiable information from a 
data subject that is a second active entity represented by a second object class in said first 
set of object classes, 

said data subject is an active entity that is personally identifiable by said 
personally identifiable information; 

a third active entity represented by a third object class in said first set of object 
classes is a second data user that requests personally identifiable information from said 
first data user, and 

said rules define if and how said personally identifiable information may be 
provided, by said first data user, to said second data user. 

2. (Previously Presented) The method of claim 1, wherein said first set of object 
classes include one or more object classes representing parties, selected from the group 
consisting of 

a data user object class, 
a data subject object class, 
a guardian object class, and 
a privacy authority object class. 

3. (Previously Presented) The method of claim 1, wherein said at least one object 
class, having said rules associated with said data, represents a filled paper form, including 
both collected data and rules regarding said collected data. 

4-11. (Canceled) 

12. (Currently Amended) A system for handling personally identifiable information, 
said system comprising: 
a processor; and 

a memory coupled to the processor, wherein the memory comprises instructions 
which, when executed by the processor, cause the processor to: 

[[means for providing]] provide, in a computer, a first set of object classes 
representing active entities in an information-handling process, wherein a limited number 
of privacy-related actions represent operations performed on data and wherein each of the 
active entities is a human being or legal entity; 

[[means for providing]] provide, in said computer, a second set of object classes 
representing data and rules in said information-handling process, wherein at least one 
object class has said rules associated with said data, and wherein said data represents said 
personally identifiable information; and 

[[means for processing]] process transactions, in a data processing system, involving 
said personally identifiable information, using said computer and said first and second set 
of object classes, so as to enforce a privacy policy, associated with the personally 
identifiable information and defined by said rules, against one or more active entities 
represented by said first set of object classes, wherein each of the one or more active 
entities represented by said first set of object classes is a human being or legal entity, 
wherein: 

a first active entity represented by a first object class in said first set of object 
classes is a first data user that requests said personally identifiable information from a 
data subject that is a second active entity represented by a second object class in said first 
set of object classes, 

said data subject is an active entity that is personally identifiable by said 
personally identifiable information; 

a third active entity represented by a third object class in said first set of object 
classes is a second data user that requests personally identifiable information from said 
first data user, and 

said rules define if and how said personally identifiable information may be 
provided, by said first data user, to said second data user. 

13. (Previously Presented) The system of claim 12, wherein said first set of object 
classes include one or more object classes selected from the group consisting of 

a data user object class, 
a data subject object class, 
a guardian object class, and 
a privacy authority object class. 

14. (Previously Presented) The system of claim 12, wherein said at least one object 
class, having said rules associated with said data, represents a filled paper form, including 
both collected data and rules regarding said collected data. 

15. (Currently Amended) A [[computer usable]] computer-recordable medium having 
computer-executable instructions recorded thereon for handling personally identifiable 
information, said computer executable instructions comprising: 

[[means]] instructions for providing in a computer a first set of object classes 
representing active entities in an information-handling process, wherein a limited number 
of privacy-related actions represent operations performed on data and wherein each of the 
active entities is a human being or legal entity; 

[[means]] instructions for providing in said computer a second set of object classes 
representing data and rules in said information-handling process, wherein at least one 
object class has said rules associated with said data, and wherein said data represents said 
personally identifiable information; and 

[[means]] instructions for processing transactions, in a data processing system, 
involving said personally identifiable information, using said computer and said first and 
second set of object classes, so as to enforce a privacy policy, associated with the 
personally identifiable information and defined by said rules, against one or more active 
entities represented by said first set of object classes, wherein each of the one or more 
active entities represented by said first set of object classes is a human being or legal 
entity, wherein: 

a first active entity represented by a first object class in said first set of object 
classes is a first data user that requests said personally identifiable information from a 
data subject that is a second active entity represented by a second object class in said first 
set of object classes, 

said data subject is an active entity that is personally identifiable by said 
personally identifiable information; 

a third active entity represented by a third object class in said first set of object 
classes is a second data user that requests personally identifiable information from said 
first data user, and 

said rules define if and how said personally identifiable information may be 
provided, by said first data user, to said second data user. 

16. (Currently Amended) The [[computer usable]] computer-recordable medium of 
claim 15, wherein said first set of object classes include one or more object classes 
representing parties, selected from the group consisting of 

a data user object class, 

a data subject object class, 

a guardian object class, and 
a privacy authority object class. 

17. (Previously Presented) The computer-usable medium of claim 15, wherein said at 
least one object class, having said rules associated with said data, represents a filled paper 
form, including both collected data and rules regarding said collected data. 

18. (Canceled) 

19. (Previously Presented) The method of claim 1, further comprising: 
transforming, based on said rules, said personally identifiable information into a 
depersonalized format prior to providing said personally identifiable information to the 
second data user. 

20. (Canceled) 

21. (Currently Amended) The system of claim 12, [[further comprising:]] 

[[means for transforming]] wherein the instructions further cause the processor to 
transform, based on said rules, said personally identifiable information into a 
depersonalized format prior to providing said personally identifiable information to the 
second data user. 

22. (Currently Amended) The [[computer usable]] computer-recordable medium of 
claim 15, said computer executable instructions further comprising: 

[[means]] instructions for transforming, based on said rules, said personally 
identifiable information into a depersonalized format prior to providing said personally 
identifiable information to the second data user. 
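As an added illustration, not part of the claims and not code from the applicant, the following Python sketch models the arrangement recited in claims 1 and 19 (and their system and medium counterparts, claims 12, 15, 21 and 22): active-entity classes for the data subject and two data users, a filled-form class that binds collected data to the rules governing it, and a transaction in which the second data user requests the subject's data from the first data user and receives only what the rules permit, depersonalized where the rules say so. The action vocabulary ("allow", "depersonalize", "deny"), field names, transforms and sample data are constructed assumptions.

```python
from dataclasses import dataclass, field

# First set of object classes: active entities, each a human being or legal entity.
@dataclass(frozen=True)
class DataSubject:
    name: str

@dataclass(frozen=True)
class DataUser:
    name: str

# Depersonalizing transforms keyed by field name (constructed for this example).
DEPERSONALIZE = {
    "birth_date": lambda v: v[:4],         # keep the year only
    "postcode": lambda v: v[:3] + "**",    # keep the outward part only
}

# Second set of object classes: a filled form binding collected data to its rules.
# rules maps recipient name -> field -> action from the limited set
# "allow" / "depersonalize" / "deny"; any field not listed defaults to "deny".
@dataclass
class PiiForm:
    subject: DataSubject
    collected_by: DataUser
    data: dict
    rules: dict
    audit: list = field(default_factory=list)

    def release(self, holder: DataUser, recipient: DataUser) -> dict:
        """Enforce the rules when `holder` (first data user) is asked for the subject's
        data by `recipient` (second data user); returns only what the rules permit."""
        if holder != self.collected_by:
            raise PermissionError(f"{holder.name} did not collect this form")
        per_field = self.rules.get(recipient.name, {})
        released = {}
        for name, value in self.data.items():
            action = per_field.get(name, "deny")
            if action == "allow":
                released[name] = value
            elif action == "depersonalize":
                released[name] = DEPERSONALIZE.get(name, lambda _: "[redacted]")(value)
            self.audit.append((action, holder.name, recipient.name, name))  # decision trail
        return released

def demo() -> dict:
    alice, clinic, lab = DataSubject("Alice"), DataUser("Clinic"), DataUser("ResearchLab")
    form = PiiForm(alice, clinic,
                   data={"name": "Alice", "birth_date": "1990-06-15", "postcode": "SW1A1AA"},
                   rules={"ResearchLab": {"birth_date": "depersonalize", "postcode": "depersonalize"}})
    return form.release(clinic, lab)  # -> {"birth_date": "1990", "postcode": "SW1**"}
```

The audit list records every per-field decision, which is what a reviewer would check to confirm the policy was applied rather than trusting the released view alone.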